中国企业数据保护的法律困境与完善路径研究

With the advancement of technologies such as the Internet of Things (IoT) and cloud computing, corporate data has emerged as a key factor of production in the digital economy era. This study analyzes the limitations of China’s current legal framework for the protection of corporate data, based on its four inherent characteristics: intangibility, non-rivalry, non-excludability, and non-consumability, and proposes potential legal and institutional improvements. The main legal challenges in protecting corporate data within the Chinese legal system are as follows. First, although Article 127 of the Civil Code designates data as an object of civil rights, it fails to clarify its legal nature. As a result, judicial practice has had to rely heavily on general clauses of the Anti-Unfair Competition Law (AUCL), leading to overextension and legal uncertainty. Second, under the current intellectual property rights (IPR) regime, there exist structural limitations in protecting corporate data. The Copyright Law only extends protection to databases that involve creative selection or arrangement, thereby excluding machine-collected raw data commonly held by enterprises from the scope of protection. Third, the AUCL lacks specific provisions tailored to data-related unfair practices. As a result, most disputes are adjudicated based on general principles, which often results in subjective judicial interpretations. In particular, the criterion of "commercial ethics" is ambiguously defined and inconsistently applied. Moreover, the requirements for trade secret protection under the AUCL—namely, non-publicity and reasonable confidentiality measures—conflict with the inherently non-exclusive and circulatory nature of corporate data, thereby revealing fundamental legal incompatibilities. To address these issues, this study proposes the following legal reforms to enhance corporate data protection in China. First, in terms of entitlement and registration, it is proposed to establish a nationwide blockchain-based data property rights registration platform in accordance with the 2024 Guidelines for Data Asset Registration. Furthermore, drawing from the 2025 Regulations on Government Data Sharing, a three-tiered rights framework— comprising data resource ownership, data processing and usage rights, and data product operation rights—should be introduced to accommodate layered entitlements. Second, in the domain of intellectual property protection, legislative efforts should be made to grant limited exclusive rights to non-original databases. Additionally, statutory exemptions for compulsory licensing should be introduced for purposes of scientific research and public interest. Third, in the realm of regulatory enforcement, the inclusion of a dedicated data-related provision under Article 12(4) of the 2024 Draft Amendment to the AUCL should be supported. This study systematically identifies the structural limitations and underlying causes within China’s current legal regime surrounding corporate data and proposes practical and enforceable countermeasures. Ultimately, it aims to contribute to the development of a China-specific data governance model that enables the balanced protection, circulation, and utilization of data in the digital economy.